[coreboot] coreboot static analysis - coverity & scan-build
Martin Roth
gaumless at gmail.com
Wed Aug 8 18:56:42 CEST 2018
coreboot now has nightly static analysis using scan-build:
https://www.coreboot.org/scan-build/
We aren't currently keeping any sort of metrics or making a global
list of all errors; we're just publishing the output for the
individual boards.
coreboot also runs bi-weekly scans using Coverity's free open-source interface.
Log in or sign up here:
https://scan.coverity.com/projects/coreboot?tab=overview
The current Coverity defect count is 317, broken down as follows:
/payloads: 11
/src, excluding vendorcode: 154
/src/vendorcode: 120
/util: 32
Here are the "/src, excluding vendorcode" issues. To see more
information about the issues, use the Coverity link above.
CoverityID Type File
1380296 Resource leak /src/arch/x86/acpi_device.c
1380295 Resource leak /src/arch/x86/acpi_device.c
1380294 Resource leak /src/arch/x86/acpi_device.c
1380293 Resource leak /src/arch/x86/acpi_device.c
1380292 Resource leak /src/arch/x86/acpi_device.c
1357457 Resource leak /src/arch/x86/acpi_device.c
1357456 Resource leak /src/arch/x86/acpi_device.c
1354849 Overflowed return value /src/arch/x86/tables.c
1384423 Untrusted pointer read /src/commonlib/fsp_relocate.c
1370582 Uninitialized scalar variable /src/cpu/x86/mtrr/mtrr.c
1379932 Explicit null dereferenced /src/drivers/amd/agesa/state_machine.c
1362592 Dereference null return value /src/drivers/generic/max98357a/max98357a.c
1363355 Wrong sizeof argument /src/drivers/intel/fsp2_0/upd_display.c
1375565 Logically dead code /src/drivers/spi/spi_flash.c
751084 Out-of-bounds access /src/drivers/xgi/common/vb_setmode.c
1271711 Logically dead code /src/include/device/hypertransport_def.h
1370576 Dereference before null check /src/lib/edid.c
1374795 Destination buffer too small /src/lib/edid.c
1229647 Missing break in switch /src/lib/edid.c
1354970 Out-of-bounds access /src/lib/selfboot.c
1373368 Logically dead code /src/mainboard/asus/f2a85-m/romstage.c
1370586 Uninitialized scalar variable /src/mainboard/asus/kfsn4-dre/romstage.c
1370578 Uninitialized scalar variable /src/mainboard/asus/kfsn4-dre/romstage.c
1241839 Various /src/mainboard/emulation/qemu-i440fx/fw_cfg.c
1365730 Destination buffer too small /src/mainboard/google/eve/romstage.c
1375985 Explicit null dereferenced /src/mainboard/google/link/i915.c
1375986 Improper use of negative value /src/mainboard/google/link/i915.c
1387028 Bad bit shift operation /src/mainboard/google/poppy/variants/nami/memory.c
1229682 Out-of-bounds read /src/northbridge/amd/amdfam10/ht_config.c
1229680 Out-of-bounds read /src/northbridge/amd/amdfam10/ht_config.c
1229681 Out-of-bounds write /src/northbridge/amd/amdfam10/ht_config.c
1229679 Out-of-bounds write /src/northbridge/amd/amdfam10/ht_config.c
1347343 Unintended sign extension /src/northbridge/amd/amdfam10/northbridge.c
1347336 Uninitialized scalar variable /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c
1347323 Unused value /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c
1347322 Unused value /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c
1347321 Unused value /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c
1347369 Logically dead code /src/northbridge/amd/amdmct/mct_ddr3/mctrci.c
1347370 Logically dead code /src/northbridge/amd/amdmct/mct_ddr3/mhwlc_d.c
1347326 Unused value /src/northbridge/amd/amdmct/mct_ddr3/mhwlc_d.c
1347325 Unused value /src/northbridge/amd/amdmct/mct_ddr3/mhwlc_d.c
1347324 Unused value /src/northbridge/amd/amdmct/mct_ddr3/mhwlc_d.c
1229659 Improper use of negative value /src/northbridge/amd/amdmct/mct/mct_d.c
1229618 Logically dead code /src/northbridge/amd/amdmct/mct/mct_d.c
1229583 Same on both sides /src/northbridge/amd/amdmct/mct/mctardk3.c
1229626 Logically dead code /src/northbridge/amd/amdmct/mct/mctardk4.c
1229636 Explicit null dereferenced /src/northbridge/amd/amdmct/mct/mctsrc.c
1229646 Missing break in switch /src/northbridge/amd/lx/northbridgeinit.c
1229629 Division or modulo by zero /src/northbridge/amd/lx/raminit.c
1229577 Logical vs. bitwise operator /src/northbridge/amd/lx/raminit.c
1241851 Dereference before null check /src/northbridge/amd/pi/00730F01/dimmSpd.c
1229634 Dereference after null check /src/northbridge/amd/pi/00730F01/northbridge.c
1229565 Bad bit shift operation /src/northbridge/intel/gm45/early_reset.c
1229611 Constant variable guards dead code /src/northbridge/intel/gm45/pcie.c
1229563 Bad bit shift operation /src/northbridge/intel/gm45/raminit.c
1229612 Logically dead code /src/northbridge/intel/i440bx/raminit.c
1229717 Structurally dead code /src/northbridge/intel/i945/raminit.c
1229562 Bad bit shift operation /src/northbridge/intel/nehalem/raminit.c
1229561 Bad bit shift operation /src/northbridge/intel/nehalem/raminit.c
1229628 Division or modulo by zero /src/northbridge/intel/nehalem/raminit.c
1229675 Out-of-bounds read /src/northbridge/intel/nehalem/raminit.c
1347372 Logically dead code /src/northbridge/intel/pineview/raminit.c
1347387 Operands don't affect result /src/northbridge/intel/pineview/raminit.c
1347386 Operands don't affect result /src/northbridge/intel/pineview/raminit.c
1347378 Operands don't affect result /src/northbridge/intel/pineview/raminit.c
1347356 Unsigned compared against 0 /src/northbridge/intel/pineview/raminit.c
1347330 Unused value /src/northbridge/intel/pineview/raminit.c
1347329 Unused value /src/northbridge/intel/pineview/raminit.c
1347328 Unused value /src/northbridge/intel/pineview/raminit.c
1347327 Unused value /src/northbridge/intel/pineview/raminit.c
1229715 Uninitialized scalar variable /src/northbridge/intel/sandybridge/raminit_common.c
1347351 Out-of-bounds read /src/northbridge/intel/x4x/ram_calc.c
1347350 Out-of-bounds read /src/northbridge/intel/x4x/ram_calc.c
1391088 Division or modulo by zero /src/northbridge/intel/x4x/raminit_ddr23.c
1393458 Logically dead code /src/northbridge/intel/x4x/raminit_ddr23.c
1391091 Operands don't affect result /src/northbridge/intel/x4x/raminit_ddr23.c
1391090 Operands don't affect result /src/northbridge/intel/x4x/raminit_ddr23.c
1391089 Operands don't affect result /src/northbridge/intel/x4x/raminit_ddr23.c
1391087 Operands don't affect result /src/northbridge/intel/x4x/raminit_ddr23.c
1391085 Wrong operator used /src/northbridge/intel/x4x/raminit_ddr23.c
1229564 Bad bit shift operation /src/northbridge/via/vx900/chrome9hd.c
1391086 Bad bit shift operation /src/northbridge/via/vx900/memmap.c
1229666 Unintentional integer overflow /src/northbridge/via/vx900/northbridge.c
1229665 Unintentional integer overflow /src/northbridge/via/vx900/northbridge.c
1295492 Stray semicolon /src/soc/broadcom/cygnus/ddr_init.c
1295493 Structurally dead code /src/soc/broadcom/cygnus/ddr_init.c
1295501 Dereference after null check /src/soc/broadcom/cygnus/gpio.c
1295498 Dereference after null check /src/soc/broadcom/cygnus/gpio.c
1295496 Dereference after null check /src/soc/broadcom/cygnus/gpio.c
1295495 Dereference after null check /src/soc/broadcom/cygnus/gpio.c
1295490 Dereference after null check /src/soc/broadcom/cygnus/gpio.c
1295488 Dereference after null check /src/soc/broadcom/cygnus/gpio.c
1295486 Dereference after null check /src/soc/broadcom/cygnus/gpio.c
1295497 Macro compares unsigned to 0 /src/soc/broadcom/cygnus/i2c.c
1295500 Logically dead code /src/soc/broadcom/cygnus/shmoo_and28.c
1393966 Logically dead code /src/soc/cavium/cn81xx/uart.c
1372243 Buffer not null terminated /src/soc/intel/apollolake/cse.c
1229677 Out-of-bounds read /src/soc/intel/baytrail/gfx.c
1229702 Unintended sign extension /src/soc/intel/baytrail/gfx.c
1229701 Unintended sign extension /src/soc/intel/baytrail/gfx.c
1229700 Unintended sign extension /src/soc/intel/baytrail/gfx.c
1229699 Unintended sign extension /src/soc/intel/baytrail/gfx.c
1384425 Logically dead code /src/soc/intel/broadwell/pmutil.c
1391422 Same on both sides /src/soc/intel/broadwell/romstage/raminit.c
1384424 Logically dead code /src/soc/intel/common/block/gpio/gpio.c
1384420 Logically dead code /src/soc/intel/common/block/gpio/gpio.c
1384419 Logically dead code /src/soc/intel/common/block/gpio/gpio.c
1384414 Logically dead code /src/soc/intel/common/block/gpio/gpio.c
1381621 Unused value /src/soc/intel/common/block/smm/smitraphandler.c
1371814 Buffer not null terminated /src/soc/intel/common/smbios.c
1229673 Out-of-bounds read /src/soc/intel/skylake/cpu.c
1362809 Dereference after null check /src/soc/marvell/mvmap2315/load_validate.c
1384418 Out-of-bounds access /src/soc/mediatek/mt8173/i2c.c
1260981 Division or modulo by zero /src/soc/nvidia/tegra124/clock.c
1293140 Logically dead code /src/soc/nvidia/tegra124/dp.c
1293138 Logically dead code /src/soc/nvidia/tegra124/dp.c
1293137 Missing break in switch /src/soc/nvidia/tegra124/sor.c
1287070 Unused value /src/soc/nvidia/tegra124/sor.c
1294805 Dereference after null check /src/soc/nvidia/tegra210/dsi.c
1294800 Unintended sign extension /src/soc/nvidia/tegra210/dsi.c
1241854 Dereference after null check /src/soc/nvidia/tegra210/spi.c
1241838 Dereference before null check /src/soc/nvidia/tegra210/spi.c
1294801 Resource leak /src/soc/qualcomm/ipq806x/lcc.c
1294795 Logically dead code /src/soc/rockchip/common/edp.c
1294799 Structurally dead code /src/soc/rockchip/common/edp.c
1294798 Unused value /src/soc/rockchip/common/edp.c
1325861 Operands don't affect result /src/soc/rockchip/rk3288/clock.c
1325857 Logically dead code /src/soc/rockchip/rk3288/hdmi.c
1291959 Missing break in switch /src/soc/rockchip/rk3288/sdram.c
1365976 Operands don't affect result /src/soc/rockchip/rk3399/clock.c
1355168 Operands don't affect result /src/soc/rockchip/rk3399/clock.c
1355166 Operands don't affect result /src/soc/rockchip/rk3399/clock.c
1375443 Unintentional integer overflow /src/soc/rockchip/rk3399/mipi.c
1354778 Uninitialized scalar variable /src/soc/samsung/exynos5250/uart.c
1375671 Various /src/soc/samsung/exynos5420/spi.c
1241880 Extra high-order bits /src/southbridge/amd/cimx/sb900/early.c
1241812 Logical vs. bitwise operator /src/southbridge/amd/cimx/sb900/early.c
1241823 Logically dead code /src/southbridge/amd/cimx/sb900/early.c
1229584 Extra high-order bits /src/southbridge/amd/rs780/ht.c
1347373 Logically dead code /src/southbridge/amd/sb700/early_setup.c
1229582 Extra high-order bits /src/southbridge/amd/sb800/usb.c
1347384 Extra high-order bits /src/southbridge/amd/sr5650/pcie.c
1229676 Out-of-bounds read /src/southbridge/amd/sr5650/pcie.c
1362811 Resource leak /src/southbridge/amd/sr5650/sr5650.c
1287065 Unused value /src/southbridge/amd/sr5650/sr5650.c
1229598 Logically dead code /src/southbridge/intel/i82801gx/smihandler.c
1229607 Logically dead code /src/southbridge/intel/lynxpoint/lpc.c
1384422 Logically dead code /src/southbridge/intel/lynxpoint/pmutil.c
1384421 Logically dead code /src/southbridge/intel/lynxpoint/pmutil.c
1384417 Logically dead code /src/southbridge/intel/lynxpoint/pmutil.c
1384416 Logically dead code /src/southbridge/intel/lynxpoint/pmutil.c
1384415 Logically dead code /src/southbridge/intel/lynxpoint/pmutil.c
1370583 Uninitialized scalar variable /src/southbridge/nvidia/ck804/early_setup_car.c
1370581 Uninitialized scalar variable /src/southbridge/nvidia/ck804/early_setup_car.c